Common use of Certifications and Audits Clause in Contracts

Certifications and Audits. 6.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust Datacard, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust Datacard shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust Datacard shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third-party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust Datacard and Customer prior to initiation. Customer shall promptly notify Entrust Datacard with information regarding non-compliance discovered during the course of an audit, and Entrust Datacard shall use commercially reasonable efforts to address any confirmed non- compliance. List of Schedules Schedule 1: Details of the Processing Schedule 2: EU Standard Contractual Clauses The parties' authorized signatories have duly executed this DPA: On behalf of Customer: Name (written out in full): Position: Address: Signature: On behalf of Entrust Datacard: Name (written out in full): Xxxx X. Xxxxxxx Position: General Counsel Address: 0000 Xxxx Xxxxx, Xxxxxxxx, Xxxxxxxxx 00000-0000 XXX Signature: SCHEDULE 1 - DETAILS OF PERSONAL DATA PROCESSING Nature and Purpose of Processing Entrust Datacard will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Services-related documentation, and as further instructed by Customer in its use of the Services.

Certifications and Audits. 6.1. On no more than an annual basis and upon thirty (30) days’ notice in writing Upon written request by CustomerEntrust, Entrust DatacardVendor, to the extent that it is acting as a Data Processor to CustomerEntrust, shall make available to Customer Entrust all information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust Datacard Vendor shall have no obligation to provide commercially confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writingbasis, Entrust Datacard Vendor shall, to the extent that it is acting as a Data Processor to CustomerEntrust, following a request by Customer Entrust and at CustomerEntrust’s expense, further allow for and contribute to off-site audits and inspections by Customer Entrust or its authorized third-party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Vendor and Entrust Datacard and Customer prior to initiation. Customer Such agreement will not be unreasonably withheld or delayed by Vendor. Entrust shall promptly notify Entrust Datacard Vendor with information regarding non-compliance discovered during the course of an audit, and Entrust Datacard Vendor shall use commercially reasonable efforts to address any confirmed non- non-compliance. List of Schedules Schedule 1: Details of the Processing Schedule 2: EU Standard Contractual Clauses Schedule 3: Information Security Requirements The parties' authorized signatories have duly executed this DPA: On behalf of CustomerVendor: Name (written out in full): Position: Address: Signature: On behalf of Entrust DatacardEntrust: Name (written out in full): Xxxx X. Xxxxxxx Position: General Counsel Chief Legal and Compliance Officer Address: 0000 Xxxx Xxxxx, Xxxxxxxx, Xxxxxxxxx 00000-0000 XXX Signature: SCHEDULE 1 - DETAILS OF PERSONAL DATA PROCESSING Nature and Purpose of Processing Entrust Datacard Vendor will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Services-related documentation, and as further instructed by Customer Entrust in its use of the Services.

Certifications and Audits. 6.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust Datacard, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust Datacard shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust Datacard shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third-party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust Datacard and Customer prior to initiation. Customer shall promptly notify Entrust Datacard with information regarding non-compliance discovered during the course of an audit, and Entrust Datacard shall use commercially reasonable efforts to address any confirmed non- compliance. List of Schedules Schedule 1: Details of the Processing Schedule 2: EU Standard Contractual Clauses The parties' authorized signatories have duly executed this DPA: On behalf of Customer: Name (written out in full): Position: Address: Signature: On behalf of Entrust Datacard: Name (written out in full): Xxxx X. Xxxxxxx Position: General Counsel Address: 0000 Xxxx Xxxxx, Xxxxxxxx, Xxxxxxxxx 00000-0000 XXX Signature: SCHEDULE 1 - DETAILS OF PERSONAL DATA PROCESSING Nature and Purpose of Processing Entrust Datacard will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Services-related documentation, and as further instructed by Customer in its use of the Services.